securityaffairs.com 7/18/2026, 12:51:40 PM · external

CISA urges patch of FortiSandbox, SharePoint flaws amid exploits

CISA urges patch of FortiSandbox, SharePoint flaws amid exploits
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

ON July 16, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included two critical vulnerabilities from Fortinet FortiSandbox and one from Microsoft SharePoint in its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are as follows: 1) CVE-2026-25089 - Fortinet FortiSandbox OS Command Injection (CVSS 9.8); 2) CVE-2026-39808 - another OS Command Injection in FortiSandbox (CVSS 9.8); 3) CVE-2026-58644 - Microsoft SharePoint Deserialization of Untrusted Data (CVSS 9.8).

Microsoft has acknowledged the exploitation of the SharePoint vulnerability, which can be triggered without authentication. CISA has mandated that federal agencies address these vulnerabilities by July 19, 2026, to mitigate potential attacks.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline